Changeset 233176 in webkit
- Timestamp:
- Jun 25, 2018 2:29:50 PM (6 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r233173 r233176 1 2018-06-25 Brent Fulgham <bfulgham@apple.com> 2 3 REGRESSION(r229722): WebKitLegacy clients can crash when loading alternate page 4 https://bugs.webkit.org/show_bug.cgi?id=187008 5 6 Reviewed by Chris Dumez. 7 8 The new call to 'clearProvisionalLoadForPolicyCheck' added in r229722 broke loading 9 behavior in WebKitLegacy. 10 11 1. We can now enter 'cancelPolicyCheckIfNeeded' without a Frame loader, in what appears 12 to be a recursive call during the load cancellation (the 'm_waitingForContentPolicy' 13 and 'm_waitingForNavigationPolicy' have already been nulled). It seems like we should 14 return early here, or perhaps just move the RELEASE_ASSERT inside the case where we 15 have an active policy check happening. 16 17 2. We also enter FrameLoader::checkContentPolicy without an active document loader. We 18 should recognize this case and handle it, rather than trying to dereference a nullptr 19 document loader. 20 21 * loader/DocumentLoader.cpp: 22 (WebCore::DocumentLoader::cancelPolicyCheckIfNeeded): Move the RELEASE_ASSERT inside the 23 conditional where the frameLoader is actually used. 24 * loader/FrameLoader.cpp: 25 (WebCore::FrameLoader::checkContentPolicy): Recognize that the activeDocumentLoader may 26 be nullptr at this point, and take appropriate action (rather than crashing). 27 1 28 2018-06-25 Simon Fraser <simon.fraser@apple.com> 2 29 -
trunk/Source/WebCore/loader/DocumentLoader.cpp
r233122 r233176 1814 1814 void DocumentLoader::cancelPolicyCheckIfNeeded() 1815 1815 { 1816 RELEASE_ASSERT(frameLoader());1817 1818 1816 if (m_waitingForContentPolicy || m_waitingForNavigationPolicy) { 1817 RELEASE_ASSERT(frameLoader()); 1819 1818 frameLoader()->policyChecker().stopCheck(); 1820 1819 m_waitingForContentPolicy = false; -
trunk/Source/WebCore/loader/FrameLoader.cpp
r233122 r233176 363 363 void FrameLoader::checkContentPolicy(const ResourceResponse& response, ContentPolicyDecisionFunction&& function) 364 364 { 365 if (!activeDocumentLoader()) { 366 // Load was cancelled 367 function(PolicyAction::Ignore); 368 return; 369 } 370 365 371 client().dispatchDecidePolicyForResponse(response, activeDocumentLoader()->request(), WTFMove(function)); 366 372 }
Note: See TracChangeset
for help on using the changeset viewer.